Apache Mesos
credentials.hpp
1 // Licensed to the Apache Software Foundation (ASF) under one
2 // or more contributor license agreements. See the NOTICE file
3 // distributed with this work for additional information
4 // regarding copyright ownership. The ASF licenses this file
5 // to you under the Apache License, Version 2.0 (the
6 // "License"); you may not use this file except in compliance
7 // with the License. You may obtain a copy of the License at
8 //
9 // http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 
17 #ifndef __CREDENTIALS_HPP__
18 #define __CREDENTIALS_HPP__
19 
20 #include <string>
21 #include <vector>
22 
23 #include <stout/option.hpp>
24 #include <stout/path.hpp>
25 #include <stout/protobuf.hpp>
26 #include <stout/try.hpp>
27 
28 #include <stout/os/permissions.hpp>
29 #include <stout/os/read.hpp>
30 
31 namespace mesos {
32 namespace internal {
33 namespace credentials {
34 
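// Loads a list of credentials from the file at `path`.
//
// The content is first tried as JSON and converted to a `Credentials`
// message. If either step fails, it is parsed in the deprecated text
// format: one "principal secret" pair per line, separated by a space.
//
// Returns the parsed credentials, `None()` when the file is empty, or an
// `Error` when the file cannot be read or a text-format line does not
// hold exactly two tokens.
//
// Security notes:
//   - The permission check is advisory: a file accessible by "others"
//     only produces a warning and the credentials are still loaded.
//     Deployments should keep the file readable by the owning account
//     only and treat this warning as a finding.
//   - The file is stat'ed by path after it has been read, so the
//     reported permissions are those of whatever the path names at that
//     moment.
//   - Log and error messages carry the path and a line index, never the
//     file content. Keep it that way when editing this function.
//
// NOTE(review): the signature and the declarations of `read` and
// `permissions` are missing from the rendered listing. They are restored
// here from the cross-reference entries and the call sites; confirm
// against the original header.
inline Result<Credentials> read(const Path& path)
{
  LOG(INFO) << "Loading credentials for authentication from '" << path << "'";

  Try<std::string> read = os::read(path.string());
  if (read.isError()) {
    return Error("Failed to read credentials file '" + path.string() +
                 "': " + read.error());
  } else if (read->empty()) {
    // An empty file is "no credentials", not an error.
    return None();
  }

  // Advisory check only: neither branch returns, so loading continues.
  // NOTE(review): only the "others" class is inspected; group access is
  // not reported.
  Try<os::Permissions> permissions = os::permissions(path.string());
  if (permissions.isError()) {
    LOG(WARNING) << "Failed to stat credentials file '" << path
                 << "': " << permissions.error();
  } else if (permissions->others.rwx) {
    LOG(WARNING) << "Permissions on credentials file '" << path
                 << "' are too open; it is recommended that your"
                 << " credentials file is NOT accessible by others";
  }

  // TODO(nfnt): Remove text format support at the end of the deprecation cycle
  // which started with version 1.0.
  //
  // Both the JSON error and the protobuf conversion error are discarded
  // here, so a malformed JSON file is reported below as a text-format
  // error.
  Try<JSON::Object> json = JSON::parse<JSON::Object>(read.get());
  if (!json.isError()) {
    Try<Credentials> credentials = ::protobuf::parse<Credentials>(json.get());
    if (!credentials.isError()) {
      return credentials.get();
    }
  }

  // Deprecated text format. A principal or secret that contains a space
  // cannot be expressed: the line splits into more than two tokens and
  // is rejected.
  Credentials credentials;
  foreach (const std::string& line, strings::tokenize(read.get(), "\n")) {
    const std::vector<std::string>& pairs = strings::tokenize(line, " ");
    if (pairs.size() != 2) {
      // The index is the count of credentials accepted so far plus one.
      // The offending line itself is deliberately not echoed.
      return Error("Invalid credential format at line " +
                   stringify(credentials.credentials().size() + 1));
    }

    // Add the credential.
    Credential* credential = credentials.add_credentials();
    credential->set_principal(pairs[0]);
    credential->set_secret(pairs[1]);
  }
  return credentials;
}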
82 
83 
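// Loads a single credential from the file at `path`.
//
// The content is first tried as JSON and converted to a `Credential`
// message. If either step fails, it is parsed in the deprecated text
// format: exactly one line holding "principal secret", separated by a
// space.
//
// Returns the parsed credential, `None()` when the file is empty, or an
// `Error` when the file cannot be read or the text format is violated.
//
// Security notes:
//   - The permission check is advisory: a file accessible by "others"
//     only produces a warning and the credential is still loaded.
//     Deployments should keep the file readable by the owning account
//     only and treat this warning as a finding.
//   - The file is stat'ed by path after it has been read, so the
//     reported permissions are those of whatever the path names at that
//     moment.
//   - Log and error messages carry the path only, never the file
//     content. Keep it that way when editing this function.
//
// NOTE(review): the signature and the declarations of `read` and
// `permissions` are missing from the rendered listing. They are restored
// here from the cross-reference entries and the call sites; confirm
// against the original header.
inline Result<Credential> readCredential(const Path& path)
{
  LOG(INFO) << "Loading credential for authentication from '" << path << "'";

  Try<std::string> read = os::read(path.string());
  if (read.isError()) {
    return Error("Failed to read credential file '" + path.string() +
                 "': " + read.error());
  } else if (read->empty()) {
    // An empty file is "no credential", not an error.
    return None();
  }

  // Advisory check only: neither branch returns, so loading continues.
  // NOTE(review): only the "others" class is inspected; group access is
  // not reported.
  Try<os::Permissions> permissions = os::permissions(path.string());
  if (permissions.isError()) {
    LOG(WARNING) << "Failed to stat credential file '" << path
                 << "': " << permissions.error();
  } else if (permissions->others.rwx) {
    LOG(WARNING) << "Permissions on credential file '" << path
                 << "' are too open; it is recommended that your"
                 << " credential file is NOT accessible by others";
  }

  // Both the JSON error and the protobuf conversion error are discarded
  // here, so a malformed JSON file is reported below as a text-format
  // error.
  Try<JSON::Object> json = JSON::parse<JSON::Object>(read.get());
  if (!json.isError()) {
    Try<Credential> credential = ::protobuf::parse<Credential>(json.get());
    if (!credential.isError()) {
      return credential.get();
    }
  }

  // TODO(nfnt): Remove text format support at the end of the deprecation cycle
  // which started with version 1.0.
  Credential credential;
  const std::vector<std::string>& lines =
    strings::tokenize(read.get(), "\n");
  if (lines.size() != 1) {
    return Error("Expecting only one credential");
  }

  // A principal or secret that contains a space cannot be expressed in
  // this format: the line splits into more than two tokens and is
  // rejected without echoing its content.
  const std::vector<std::string>& pairs = strings::tokenize(lines[0], " ");
  if (pairs.size() != 2) {
    return Error("Invalid credential format");
  }

  // Add the credential.
  credential.set_principal(pairs[0]);
  credential.set_secret(pairs[1]);
  return credential;
}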
130 
131 } // namespace credentials {
132 } // namespace internal {
133 } // namespace mesos {
134 
135 #endif // __CREDENTIALS_HPP__